Biggest DDoS ever (1Tbps+), leveraging from IoT


#1

Timing is everything and SAFEnetwork to the rescue


#2

Internet of Targets as Brian Sovryn calls it. None of that BS is getting into my house. People too lazy to get off their ass to turn on a lamp or start the kettle to boil some water. :dizzy_face:


#3

My IoT devices are going into a private network not open to the internet. But I will design them myself anyhow.

I am going to see how messaging goes with SAFE and hopefully have full crypto signing.


#4

Would you connect to the full network or stick to LAN running safe?


#5

With full crypto signing, then I prob will. But there will be a limit as to what is allowed from external sources.

I am thinking along the lines that most IoT devices in the network will not have the compute power to be nodes, so there will be a “gateway” that is a node and it will vet any messages and the only messages it will look at are ones from sources it expects. Then the message has to be correctly formed and signed.

Messaging will be huge for IoT, and with Safe network messaging will solve a lot of the security issues that are in IoT devices exposed to the web. It becomes possible to filter what the device listens to.

Of course if people program their device to listen to anyone then security is just like the current web.


#6

Just for context, I do low level IoT stuff a lot. Very little if any house automation or video.


#7

Sounds fun and fascinating @neo. I hope to read about your IoT stuff one day :slight_smile:


#8

So that’s prolly where a whitelist comes in eh? That’s cool you are into the IoT stuff. Hope to see you pioneer that on safe in the future :smile:


#9

Yes.

Unlike the traditional web where people can spoof an IP address and appear to come from your whitelist.

In SAFE the whitelist is not XOR address but rather user ID. This would require that the spoofer actually cracks that account and uses it.

Then if needed/desired the messages can be encrypted with a pre-shared key pair that is locked with an encrypting password in the APP the user runs to communicate with the IoT network.
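
The gateway vetting described in posts #5 and #9 (expected sender ID, correctly formed message, valid signature), sketched as an added example that is not part of the thread and not SAFE network code. Assumptions: HMAC-SHA256 with a per-sender pre-shared key stands in for account signing so it runs on the standard library alone, the sequence-number replay check goes beyond what the thread describes, and every name and key is hypothetical.

```python
import hashlib
import hmac
import json

# Constructed allowlist: sender user ID -> pre-shared key (hypothetical values).
ALLOWED_SENDERS = {"neo-controller": b"constructed-demo-key"}
REQUIRED_FIELDS = {"sender", "seq", "device", "command"}
ALLOWED_COMMANDS = {"read_sensor", "set_relay"}
MAX_LEN = 512  # gateway refuses oversized input before parsing


def mac(body: dict, key: bytes) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def seal(body: dict, key: bytes) -> bytes:
    """Sender side: wrap a body with its MAC."""
    return json.dumps({"body": body, "mac": mac(body, key)}).encode()


class Gateway:
    def __init__(self, senders: dict):
        self.senders = senders
        self.last_seq = {}  # highest sequence number accepted per sender

    def vet(self, raw: bytes):
        """Return (accepted, reason); every failed check drops the message."""
        if len(raw) > MAX_LEN:
            return False, "too large"
        try:
            envelope = json.loads(raw)
            body, tag = envelope["body"], envelope["mac"]
        except (ValueError, KeyError, TypeError):
            return False, "malformed"
        if not (isinstance(body, dict) and set(body) == REQUIRED_FIELDS
                and all(isinstance(body[f], str) for f in ("sender", "device", "command"))
                and type(body["seq"]) is int
                and isinstance(tag, str) and tag.isascii()):
            return False, "malformed"
        key = self.senders.get(body["sender"])  # allowlist is by user ID, not address
        if key is None:
            return False, "unexpected sender"
        if not hmac.compare_digest(mac(body, key), tag):
            return False, "bad signature"
        if body["command"] not in ALLOWED_COMMANDS:
            return False, "command not permitted"
        if body["seq"] <= self.last_seq.get(body["sender"], -1):
            return False, "replayed or stale"
        self.last_seq[body["sender"]] = body["seq"]
        return True, "ok"
```

A message that claims an allowlisted ID without holding that sender's key fails at the signature step, which is the difference from an IP-based whitelist noted in post #9.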


#10

I understand what you’re getting at but I still don’t see that that totally fixes the problem. If the setup you’re talking about becomes commonplace, the target no longer becomes the IoT devices but merely the router (as the article states, the previous record setting DDoS was from hacked routers). Hack the router, change some DNS, then just start sending simple commands that cause chatter among your LAN IoT devices to create more noise.

For what it’s worth, pretty ingenious to have 10s of thousands of IoT cameras streaming data at a server to up the overall B/s in the attack.


#11

The devices will ignore the internet if they cannot get the messages from the outbox of the account they expect them from. So if the router starts spewing out crap then the IoT devices will not be getting any remote commands. The other IoT devices are talking over their own internal network isolated from the internet by the “gateway” IoT devices that ignore any non-safe packets.

Yes there is still a very small risk, but the real problem would be not being able to send their data to a remote device/computer or receive data from a remote device or user.


#12

OoO! I missed the gateway part the first read through. I like that. I also see what you mean about the messages and the inbox. I was always thinking of “messages” as direct push messages across the wire (more akin to a TCP packet). However, using them more as a secure e-mail with a constant poll (or push from the “e-mail inbox”) does solve what I was thinking was the issue.


#13

https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/

:stuck_out_tongue: